diff options
author | Ryan Gonzalez <ryan.gonzalez@collabora.com> | 2023-03-04 16:23:37 -0600 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2023-03-16 09:54:14 +0000 |
commit | 6cac99dafe6003c8a4bd5666341c217876536869 (patch) | |
tree | c92a66516af774fa92e4b24898f4a55419b335c6 /app | |
parent | 3abfddba92411c16f0690913f9d092ed055df587 (diff) | |
download | flatpak-6cac99dafe6003c8a4bd5666341c217876536869.tar.gz |
Ensure special characters in permissions and metadata are escaped
This prevents someone from placing special characters in order to
manipulate the appearance of the permissions list.
CVE-2023-28101, GHSA-h43h-fwqx-mpp8
Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>
Diffstat (limited to 'app')
-rw-r--r-- | app/flatpak-builtins-info.c | 8 | ||||
-rw-r--r-- | app/flatpak-builtins-remote-info.c | 5 | ||||
-rw-r--r-- | app/flatpak-cli-transaction.c | 12 |
3 files changed, 18 insertions, 7 deletions
diff --git a/app/flatpak-builtins-info.c b/app/flatpak-builtins-info.c index 5f544579..ed905836 100644 --- a/app/flatpak-builtins-info.c +++ b/app/flatpak-builtins-info.c @@ -400,7 +400,9 @@ flatpak_builtin_info (int argc, char **argv, GCancellable *cancellable, GError * if (!g_file_load_contents (file, cancellable, &data, &data_size, NULL, error)) return FALSE; - g_print ("%s", data); + flatpak_print_escaped_string (data, + FLATPAK_ESCAPE_ALLOW_NEWLINES + | FLATPAK_ESCAPE_DO_NOT_QUOTE); } if (opt_show_permissions || opt_file_access) @@ -421,7 +423,9 @@ flatpak_builtin_info (int argc, char **argv, GCancellable *cancellable, GError * if (contents == NULL) return FALSE; - g_print ("%s", contents); + flatpak_print_escaped_string (contents, + FLATPAK_ESCAPE_ALLOW_NEWLINES + | FLATPAK_ESCAPE_DO_NOT_QUOTE); } if (opt_file_access) diff --git a/app/flatpak-builtins-remote-info.c b/app/flatpak-builtins-remote-info.c index c15eb8a2..bec93e89 100644 --- a/app/flatpak-builtins-remote-info.c +++ b/app/flatpak-builtins-remote-info.c @@ -431,7 +431,10 @@ flatpak_builtin_remote_info (int argc, char **argv, GCancellable *cancellable, G if (opt_show_metadata) { - g_print ("%s", xa_metadata ? xa_metadata : ""); + if (xa_metadata != NULL) + flatpak_print_escaped_string (xa_metadata, + FLATPAK_ESCAPE_ALLOW_NEWLINES + | FLATPAK_ESCAPE_DO_NOT_QUOTE); if (xa_metadata == NULL || !g_str_has_suffix (xa_metadata, "\n")) g_print ("\n"); } diff --git a/app/flatpak-cli-transaction.c b/app/flatpak-cli-transaction.c index 5a08d537..53593bfc 100644 --- a/app/flatpak-cli-transaction.c +++ b/app/flatpak-cli-transaction.c @@ -1121,12 +1121,16 @@ print_perm_line (int idx, int cols) { g_autoptr(GString) res = g_string_new (NULL); + g_autofree char *escaped_first_perm = NULL; int i; - g_string_append_printf (res, " [%d] %s", idx, (char *) items->pdata[0]); + escaped_first_perm = flatpak_escape_string (items->pdata[0], FLATPAK_ESCAPE_DEFAULT); + g_string_append_printf (res, " [%d] %s", idx, escaped_first_perm); for (i = 1; i < items->len; i++) { + g_autofree char *escaped = flatpak_escape_string (items->pdata[i], + FLATPAK_ESCAPE_DEFAULT); char *p; int len; @@ -1135,10 +1139,10 @@ print_perm_line (int idx, p = res->str; len = (res->str + strlen (res->str)) - p; - if (len + strlen ((char *) items->pdata[i]) + 2 >= cols) - g_string_append_printf (res, ",\n %s", (char *) items->pdata[i]); + if (len + strlen (escaped) + 2 >= cols) + g_string_append_printf (res, ",\n %s", escaped); else - g_string_append_printf (res, ", %s", (char *) items->pdata[i]); + g_string_append_printf (res, ", %s", escaped); } g_print ("%s\n", res->str); |